Refactor CommandLineQuery.qll

2026-04-26 01:05:15 +02:00 · 2023-03-19 23:33:02 -04:00
parent 117a983423
commit 0249890747
3 changed files with 37 additions and 9 deletions
--- a/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql
+++ b/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql
@@ -16,9 +16,11 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.ExternalProcess
 import semmle.code.java.security.CommandLineQuery
-import DataFlow::PathGraph
+import RemoteUserInputToArgumentToExecFlow::PathGraph

-from DataFlow::PathNode source, DataFlow::PathNode sink, ArgumentToExec execArg
+from
+  RemoteUserInputToArgumentToExecFlow::PathNode source,
+  RemoteUserInputToArgumentToExecFlow::PathNode sink, ArgumentToExec execArg
 where execTainted(source, sink, execArg)
 select execArg, source, sink, "This command line depends on a $@.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql
@@ -17,10 +17,12 @@ import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.ExternalProcess
 import semmle.code.java.security.CommandLineQuery
 import JSchOSInjection
-import DataFlow::PathGraph
+import RemoteUserInputToArgumentToExecFlow::PathGraph

 // This is a clone of query `java/command-line-injection` that also includes experimental sinks.
-from DataFlow::PathNode source, DataFlow::PathNode sink, ArgumentToExec execArg
+from
+  RemoteUserInputToArgumentToExecFlow::PathNode source,
+  RemoteUserInputToArgumentToExecFlow::PathNode sink, ArgumentToExec execArg
 where execTainted(source, sink, execArg)
 select execArg, source, sink, "This command line depends on a $@.", source.getNode(),
  "user-provided value"